Character decoding issue after Azure AD authentication


In my Java 11, Spring Boot 2.7.3 application, I am making a REST call to Hashicorp Vault in order to fetch my app config. Here is the code snippet: -

        HttpHeaders headers = new HttpHeaders();
        headers.set(VaultConstants.NAMESPACE_HEADER_NAME, vaultNamespace);

        JSONObject jsonRequestBody = new JSONObject();
        jsonRequestBody.put(VaultConstants.SECRET_ID, secretKey);
        jsonRequestBody.put(VaultConstants.ROLE_ID, vaultRoleId);

        HttpEntity requestEntity = new HttpEntity<>(jsonRequestBody, headers);

        ResponseEntity<JSONObject> result = restTemplate.exchange(uri, HttpMethod.POST, requestEntity, JSONObject.class);

These are the import statements to show which classes I am using: -

        import org.json.simple.JSONObject;
        import org.springframework.http.HttpEntity;
        import org.springframework.http.HttpHeaders;
        import org.springframework.http.HttpMethod;
        import org.springframework.http.ResponseEntity;
        import org.springframework.web.client.RestTemplate;

This is the runtime value of requestEntity, with sanitised values: -

        <{"secret_id":"eeeeeeeeeeeeeeeeeeeeeeeee","role_id":"kkkkkkkkkkkkkkkkkkkkkkkkk"},[X-Vault-Namespace:"aaaaa/bbbb"]>

This REST call works absolutely fine when I use no authentication and also when I use my own custom Basic Spring Authentication Provider. But next, I switched to OAuth2 SSO authentication against Azure AD. This involved no code changes, but these additional dependencies in my pom.xml file: -

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-oauth2-client</artifactId>
            <version>2.7.3</version>
        </dependency>
        <dependency>
            <groupId>com.azure.spring</groupId>
            <artifactId>spring-cloud-azure-starter-active-directory</artifactId>
        </dependency>

After this change, my application starts and authenticates my user successfully, but when it attempts to make the above REST call, a 400 response is returned with a character decoding issue: -

        org.springframework.web.client.HttpClientErrorException$BadRequest: 400 Bad Request: "{"errors":["failed to parse JSON input: invalid character '\u003c' looking for beginning of value"]}<EOL>"

The invalid character cited in the message, \u003c, corresponds to the greater than symbol (<), which is the first character of my request entity (pasted above).

I have debugged the code and can see no difference in my runtime variables, including the request entity, before and after the switch to Azure AD authentication. The switch to Azure AD itself seems to have introduced a decoding issue.

I am at a loss as to why this is happening and how I could attempt to fix this. Very grateful for anyone reading my post and for any ideas/suggestions.


Solution

  • Well, I still don't know why switching to SSO authentication caused this issue, but I did at least find a quick fix, so I am sharing in case it may be useful to anyone.

    I simply had to add the application json header to my request entity. Before fix: -

    HttpHeaders headers = new HttpHeaders();
    headers.set(VaultConstants.NAMESPACE_HEADER_NAME, vaultNamespace);
    

    After fix: -

    HttpHeaders headers = new HttpHeaders();
    headers.set(VaultConstants.NAMESPACE_HEADER_NAME, vaultNamespace);
    headers.setContentType(MediaType.APPLICATION_JSON);
    

    Many thanks
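
An added diagnostic, not part of the original post: it prints which message converter a `RestTemplate` would pick for a `JSONObject` body with and without a `Content-Type`, which is the one thing the fix above changes. It rests on an assumption the post does not confirm, namely that the new dependencies put an XML converter (for example via `jackson-dataformat-xml`) on the classpath ahead of the JSON one; `ConverterCheck` and `chosenConverter` are hypothetical names, and `new RestTemplate()` stands in for the application's own instance.

```java
import org.json.simple.JSONObject;
import org.springframework.http.MediaType;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.web.client.RestTemplate;

// Hypothetical diagnostic class; not code from the post.
public class ConverterCheck {

    // Approximates RestTemplate's choice: the first registered converter whose
    // canWrite() accepts the body class for the given Content-Type wins.
    // contentType == null models a request with no Content-Type header.
    static String chosenConverter(RestTemplate rt, Class<?> bodyType, MediaType contentType) {
        for (HttpMessageConverter<?> converter : rt.getMessageConverters()) {
            if (converter.canWrite(bodyType, contentType)) {
                return converter.getClass().getSimpleName();
            }
        }
        return "none";
    }

    public static void main(String[] args) {
        // Assumption: stand-in for the application's RestTemplate bean.
        RestTemplate rt = new RestTemplate();

        System.out.println("registered converters, in selection order:");
        for (HttpMessageConverter<?> converter : rt.getMessageConverters()) {
            System.out.println("  " + converter.getClass().getSimpleName()
                    + " -> " + converter.getSupportedMediaTypes());
        }

        // Compare the two cases from the "before" and "after" snippets.
        System.out.println("no Content-Type:  "
                + chosenConverter(rt, JSONObject.class, null));
        System.out.println("application/json: "
                + chosenConverter(rt, JSONObject.class, MediaType.APPLICATION_JSON));
    }
}
```

Run it once with and once without the two new dependencies on the classpath. If the "no Content-Type" line names an XML converter only in the first case, the request body holding `secret_id` and `role_id` was being serialised as XML, which would start with `<`.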